securenow 7.7.13 → 7.7.15

package/web-vite.mjs

@@ -11,9 +11,24 @@ import { UserInteractionInstrumentation } from '@opentelemetry/instrumentation-u
 import { FetchInstrumentation } from '@opentelemetry/instrumentation-fetch';
 import { XMLHttpRequestInstrumentation } from '@opentelemetry/instrumentation-xml-http-request';
 
-// ---- helpers / env ----
+// ---- helpers / browser config ----
 const viteEnv = import.meta.env || {};
 
+const ENV_TO_BROWSER_CONFIG_PATH = Object.freeze({
+  SECURENOW_APPID: 'app.key',
+  SECURENOW_INSTANCE: 'config.otel.endpoint',
+  OTEL_SERVICE_NAME: 'app.name',
+  OTEL_EXPORTER_OTLP_ENDPOINT: 'config.otel.endpoint',
+  OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: 'config.otel.tracesEndpoint',
+  OTEL_EXPORTER_OTLP_HEADERS: 'config.otel.headers',
+  SECURENOW_NO_UUID: 'config.runtime.noUuid',
+  SECURENOW_STRICT: 'config.runtime.strict',
+  SECURENOW_TEST_SPAN: 'config.runtime.testSpan',
+  SECURENOW_HIDE_BANNER: 'config.runtime.hideBanner',
+  SECURENOW_ENVIRONMENT: 'config.runtime.deploymentEnvironment',
+  SECURENOW_DEPLOYMENT_ENVIRONMENT: 'config.runtime.deploymentEnvironment',
+});
+
 function createResource(attributes) {
   if (typeof otelResources.resourceFromAttributes === 'function') {
     return otelResources.resourceFromAttributes(attributes);
@@ -24,17 +39,62 @@ function createResource(attributes) {
   throw new Error('Unsupported @opentelemetry/resources version');
 }
 
+function legacyViteEnvFallbackEnabled() {
+  const raw =
+    viteEnv.SECURENOW_ENABLE_LEGACY_ENV ??
+    viteEnv.VITE_SECURENOW_ENABLE_LEGACY_ENV ??
+    viteEnv.SECURENOW_ALLOW_ENV_CONFIG ??
+    viteEnv.VITE_SECURENOW_ALLOW_ENV_CONFIG;
+  return /^(1|true|yes)$/i.test(String(raw || '').trim());
+}
+
+function getPath(obj, path) {
+  if (!obj || !path) return undefined;
+  let cur = obj;
+  for (const part of String(path).split('.')) {
+    if (cur == null || typeof cur !== 'object' || !(part in cur)) return undefined;
+    cur = cur[part];
+  }
+  return cur;
+}
+
+function headersToString(headers) {
+  if (!headers || typeof headers !== 'object' || Array.isArray(headers)) return undefined;
+  return Object.entries(headers)
+    .filter(([, value]) => value !== undefined && value !== null && value !== '')
+    .map(([key, value]) => `${key}=${value}`)
+    .join(',');
+}
+
+function toConfigString(value) {
+  if (value === undefined || value === null || value === '') return undefined;
+  if (typeof value === 'boolean') return value ? '1' : '0';
+  if (Array.isArray(value)) return value.join(',');
+  if (typeof value === 'object') return headersToString(value);
+  return String(value);
+}
+
 function env(k) {
-  // Accept both Vite envs (VITE_*) and raw names for window.__SECURENOW__
+  // Browser config should be injected as window.__SECURENOW__ by the app.
+  const w = globalThis.window;
+  const injected = w && w.__SECURENOW__;
+  const mappedPath = ENV_TO_BROWSER_CONFIG_PATH[String(k).toUpperCase()];
+  if (injected) {
+    if (mappedPath) {
+      const mappedValue = getPath(injected, mappedPath);
+      const resolved = toConfigString(mappedValue);
+      if (resolved !== undefined) return resolved;
+    }
+    if (!mappedPath && k in injected) return toConfigString(injected[k]);
+  }
+
+  // Vite env fallbacks are legacy and disabled by default.
+  if (!legacyViteEnvFallbackEnabled()) return undefined;
   const direct =
     viteEnv[k] ??
     viteEnv[k.toUpperCase()] ??
     viteEnv[k.toLowerCase()];
   if (direct != null) return String(direct);
-
-  // Optionally support runtime overrides via window.__SECURENOW__
-  const w = globalThis.window;
-  if (w && w.__SECURENOW__ && k in w.__SECURENOW__) return String(w.__SECURENOW__[k]);
   return undefined;
 }
 
@@ -51,20 +111,47 @@ function parseHeaders(str) {
   return out;
 }
 
+function normalizeEndpointBase(value) {
+  const endpoint = String(value || '').trim().replace(/\/$/, '');
+  if (!endpoint) return endpoint;
+  if (endpoint === 'https://api.securenow.ai/api/otlp') return 'https://ingest.securenow.ai';
+
+  try {
+    const parseable = /^[a-z][a-z0-9+.-]*:\/\//i.test(endpoint) ? endpoint : `https://${endpoint}`;
+    const url = new URL(parseable);
+    if (url.port === '4318' && url.hostname.toLowerCase().endsWith('.securenow.ai')) {
+      return 'https://ingest.securenow.ai';
+    }
+  } catch {}
+
+  return endpoint;
+}
+
+function normalizeSignalEndpoint(value, signalType) {
+  if (!value) return value;
+  const endpoint = String(value).trim().replace(/\/$/, '');
+  const signalPath = `/v1/${signalType}`;
+  if (endpoint.endsWith(signalPath)) {
+    return `${normalizeEndpointBase(endpoint.slice(0, -signalPath.length))}${signalPath}`;
+  }
+  return endpoint;
+}
+
 // ---- endpoints (same defaults as tracing.js) ----
 const endpointBase =
-  (env('SECURENOW_INSTANCE') || env('OTEL_EXPORTER_OTLP_ENDPOINT') || 'https://freetrial.securenow.ai:4318')
-    .replace(/\/$/, '');
+  normalizeEndpointBase(env('SECURENOW_INSTANCE') || env('OTEL_EXPORTER_OTLP_ENDPOINT') || 'https://ingest.securenow.ai');
 const tracesUrl =
-  env('OTEL_EXPORTER_OTLP_TRACES_ENDPOINT') || `${endpointBase}/v1/traces`;
+  normalizeSignalEndpoint(env('OTEL_EXPORTER_OTLP_TRACES_ENDPOINT'), 'traces') || `${endpointBase}/v1/traces`;
 const headers = parseHeaders(env('OTEL_EXPORTER_OTLP_HEADERS'));
+const deploymentEnvironment =
+  env('SECURENOW_DEPLOYMENT_ENVIRONMENT') || env('SECURENOW_ENVIRONMENT') || viteEnv.MODE || 'production';
 
 // ---- naming rules (mirrors tracing.js) ----
 const rawBase = (env('OTEL_SERVICE_NAME') || env('SECURENOW_APPID') || '').trim().replace(/^['"]|['"]$/g, '');
 const baseName = rawBase || null;
 // Default to no suffix whenever a baseName is resolved: the dashboard filters
 // service.name by exact match, and browsers have no PM2 cluster problem
-// (each tab has its own service.instance.id). Explicit SECURENOW_NO_UUID=0
+// (each tab has its own service.instance.id). Explicit config.runtime.noUuid=false
 // still re-enables the suffix if someone really wants it.
 const noUuidEnv = env('SECURENOW_NO_UUID');
 const noUuid =
@@ -95,7 +182,7 @@ if (baseName) {
   serviceName = noUuid ? baseName : `${baseName}-${uuidv4()}`;
 } else {
   if (strict) {
-    console.error('[securenow/web-vite] FATAL: SECURENOW_APPID/OTEL_SERVICE_NAME missing and SECURENOW_STRICT=1. Tracing disabled.');
+    console.error('[securenow/web-vite] FATAL: SecureNow app key missing and config.runtime.strict=true. Tracing disabled.');
     // @ts-expect-error
     window.__SECURENOW_DISABLED__ = true;
     disabled = true;
@@ -112,7 +199,7 @@ const serviceInstanceId = `${instancePrefix}-${uuidv4()}`;
 try {
   // eslint-disable-next-line no-console
   console.log(
-    '[securenow] web preload loaded SECURENOW_APPID=%s OTEL_SERVICE_NAME=%s SECURENOW_NO_UUID=%s SECURENOW_STRICT=%s → service.name=%s instance.id=%s',
+    '[securenow] web preload loaded app.key=%s app.name=%s config.runtime.noUuid=%s config.runtime.strict=%s → service.name=%s instance.id=%s',
     JSON.stringify(env('SECURENOW_APPID')),
     JSON.stringify(env('OTEL_SERVICE_NAME')),
     JSON.stringify(env('SECURENOW_NO_UUID')),
@@ -138,7 +225,7 @@ export function startSecurenowWeb() {
     resource: createResource({
       [S.SERVICE_NAME]: serviceName,
       [S.SERVICE_INSTANCE_ID]: serviceInstanceId,
-      [S.DEPLOYMENT_ENVIRONMENT]: viteEnv.MODE || 'production',
+      [S.DEPLOYMENT_ENVIRONMENT]: deploymentEnvironment,
       [S.SERVICE_VERSION]: viteEnv.VITE_APP_VERSION || undefined,
     }),
     spanProcessors: [new BatchSpanProcessor(exporter)],
@@ -174,9 +261,9 @@ export function startSecurenowWeb() {
 
 // ---- Free trial banner (browser DOM injection) ----
 function injectFreeTrialBanner() {
-  const FREETRIAL_HOST = 'freetrial.securenow.ai';
+  const FREE_TRIAL_HOSTS = ['ingest.securenow.ai', 'freetrial.securenow.ai'];
   const hideBanner = String(env('SECURENOW_HIDE_BANNER')) === '1';
-  if (hideBanner || !endpointBase.includes(FREETRIAL_HOST)) return;
+  if (hideBanner || !FREE_TRIAL_HOSTS.some(host => endpointBase.includes(host))) return;
   if (typeof document === 'undefined') return;
 
   function create() {